Neelesh Kripalani, CTO, Clover Infotech.
What if someone tells you that the small fortune you invested in the latest cybersecurity solution may not be protecting you as expected? Yes, despite adopting the most sophisticated cybersecurity tool, cyber-attack is just one ‘human error’ away.
World Economic Forum finds that 95% of cybersecurity incidents occur due to human error (source- Global Risks Report)
Human error in cybersecurity breaches is an age-old problem. For years, it has consistently been identified as a major contributing factor to cybersecurity breaches. Here are the most common human errors that lead to cybersecurity breaches: –
- Weak password security – Using simple and commonly used passwords, sharing it or storing it incorrectly leads to weak password security and enhances probability of a breach
- Use of unauthorized software If employees install applications without the knowledge and approval of IT teams, it can lead to attack and unauthorized access of the organization’s IT infrastructure and applications.
- Neglecting software updates that contain important security patches is another major reason that may lead to a security breach.
- Opening email links or attachments without paying attention to small cues such as incorrect spelling in the domain, can lead to the recipient and indirectly the organization becoming a victim of a phishing attacks.
- Ineffective data access management: A stringent administrator who adheres strictly to an organization wide access policy is critical. This will ensure security at all access points and prevent any imposters with malicious intent to gain access and control over the organization’s data and systems.
- Improper management of sensitive data – If sensitive data has been sent over email, it can open doors for a cyberattack
- Using public Wi-Fi without using a VPN and plugging insecure devices such as USB drives can also cause unauthorized access to data and entry into sensitive systems.
While human error cannot be controlled at all times, a set of 8 best practices listed below that can prevent such errors altogether or keep it to very minimal levels is highly recommended for organizations, irrespective of their size and scale: –
- Implement ‘Zero Trust’ policy i.e. verify and monitor every login
- Educate employees- Conduct periodic cybersecurity training to create awareness
- Implement two-factor authentication or biometric to strengthen password security
- Monitor your employees’ activity with Data Access Monitoring (DAM)
- Perform regular software updates as they offer new and improved features along with security enhancements
- Limit sensitive data access with tools such as Privileged Access Management (PAM) and Privileged Identity Management (PIM)
- Make use of system monitoring and surveillance techniques to identify indicators of possible cybersecurity incidents so that they can be contained.
- Block USB devices upon connection to prevent users from accidentally infecting your system/network with malware.